denied load of writable library


Postby Cyrus » Tue Apr 13, 2004 6:42 pm

Hi

Any ideas why one eggdrop doesn't work? The very same machine is running a few eggdrops and this is the only one which creates errors:

Apr 14 01:20:44 foo kernel: grsec: From 1.2.3.4: denied load of writable library /home/user/eggdrop/modules-1.6.15/dns.so by (eggdrop:5482) UID(4001) EUID(4001), parent (bash:12665) UID(4001) EUID(4001)
Apr 14 01:20:44 foo kernel: grsec: From 1.2.3.4: denied load of writable library /home/user/eggdrop/modules-1.6.15/channels.so by (eggdrop:5482) UID(4001) EUID(4001), parent (bash:12665) UID(4001) EUID(4001)

All eggdrops are running with different UID/GID.

TIA
Cyrus
 
Posts: 7
Joined: Mon Mar 17, 2003 3:31 pm

Postby torne » Wed Apr 14, 2004 1:05 am

The eggdrop's modules (the .so files) are libraries containing executable code. grsec won't let you load executable code that's writable by people other than the owner, because that's gratuitously insecure (someone else writes over the library with malicious code, the bot crashes later for some reason, loads up the malicious library, deletes files/gives a shell as that UID/etc). Change the permissions on the .so files.
torne
 
Posts: 54
Joined: Mon Aug 12, 2002 12:52 pm

Postby Cyrus » Wed Apr 14, 2004 1:15 am

Files are owned by the user and the exact rights are:

-rwxr-xr-x 1 user users 12508 Apr 14 01:38 /home/m1x/eggdrop/modules-1.6.15/dns.so

-rwxr-xr-x 1 user users 113404 Apr 14 01:38 /home/m1x/eggdrop/modules/channels.so

Just wondering why this user can't execute eggdrop and all the others can. Same rights etc.
Cyrus
 
Posts: 7
Joined: Mon Mar 17, 2003 3:31 pm

Postby PaX Team » Wed Apr 14, 2004 5:16 am

Cyrus wrote:
> Files are owned by the user and the exact rights are:
>
> -rwxr-xr-x 1 user users 12508 Apr 14 01:38 /home/m1x/eggdrop/modules-1.6.15/dns.so
>
> -rwxr-xr-x 1 user users 113404 Apr 14 01:38 /home/m1x/eggdrop/modules/channels.so
>
> Just wondering why this user can't execute eggdrop and all the others can. Same rights etc.

The access rights that matter for this check are those granted by ACLs, not the file system, so check those.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Postby Cyrus » Wed Apr 14, 2004 5:30 am

ACLs are like this:
/ {
   ...
   /home rwx
   ...
}

and nothing more; there are no special ACLs for different users, they all get the same.
Cyrus
 
Posts: 7
Joined: Mon Mar 17, 2003 3:31 pm

Postby letrout » Wed Apr 14, 2004 12:11 pm

Maybe you need a
/home/*/eggdrop/modules-1.6.15 rx

rule?

I like this feature of grsec by the way. Helped me tighten up some sloppiness on my system.
letrout
 
Posts: 14
Joined: Thu Feb 19, 2004 3:48 pm

Postby Cyrus » Wed Apr 14, 2004 12:13 pm

Maybe, maybe not.
A few points:
1) Why does it work for other users?
2) Users can't delete the directory after that.
Cyrus
 
Posts: 7
Joined: Mon Mar 17, 2003 3:31 pm

Postby letrout » Wed Apr 14, 2004 12:50 pm

1) Don't know, need someone smarter than me for that one

2) Maybe try
/home/*/eggdrop/modules-1.6.15/*.so rx

Users still couldn't delete the .so files or the directory though, so maybe no love there.

There's also
3) I should stop making suggestions, because I don't even know what eggdrop is/does and I only barely understand little bits of grsecurity.

Your unlucky day I guess, I just happened to pass by the boards today checking for 2.4.26 patches and decided to make a couple posts. In all honesty you should probably just ignore me and wait for someone else.
letrout
 
Posts: 14
Joined: Thu Feb 19, 2004 3:48 pm
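To make the thread's two points concrete, here is an added example (not code from the thread, from eggdrop or from grsecurity) that models the check torne and the PaX Team describe: at mmap(PROT_EXEC) time, the library is refused when the most specific object in the subject's RBAC policy that covers its path grants 'w', whatever the file-system mode bits say. It runs the library path from the log line against Cyrus's `/home rwx` object and against the same subject with letrout's narrower rule added. The policy strings are constructed, and the "deepest object wins" matching with component-wise globs is a simplified assumption about how RBAC picks an object, not grsecurity's exact matcher.

```python
import fnmatch
import re
from typing import List, Optional, Tuple

# Constructed policy fragments (assumed, not the thread's full policy): the
# "/home rwx" object Cyrus showed, and the same subject plus letrout's rule.
POLICY_WIDE = "/ {\n   /home rwx\n}\n"
POLICY_NARROW = "/ {\n   /home rwx\n   /home/*/eggdrop/modules-1.6.15 rx\n}\n"
LIB = "/home/user/eggdrop/modules-1.6.15/dns.so"  # path from the grsec log line


def parse_objects(policy: str) -> List[Tuple[str, str]]:
    """Extract (path, mode) pairs from the object lines of a subject block."""
    pairs = []
    for line in policy.splitlines():
        m = re.match(r"^\s*(/\S*)\s+([a-zA-Z]+)\s*$", line)
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def _covers(obj_path: str, path: str) -> bool:
    """Component-wise glob match; in this model a '*' never crosses a '/'."""
    obj = [c for c in obj_path.split("/") if c]
    parts = [c for c in path.split("/") if c]
    return len(obj) <= len(parts) and all(
        fnmatch.fnmatchcase(p, o) for o, p in zip(obj, parts))


def effective_object(policy: str, path: str) -> Optional[Tuple[str, str]]:
    """Deepest covering object wins (simplified most-specific-object rule)."""
    best = None
    for obj_path, mode in parse_objects(policy):
        depth = len([c for c in obj_path.split("/") if c])
        if _covers(obj_path, path) and (best is None or depth > best[0]):
            best = (depth, obj_path, mode)
    return None if best is None else (best[1], best[2])


def library_load_verdict(policy: str, lib_path: str) -> str:
    """Model the PROT_EXEC mmap check: 'w' on the matched object makes the
    library count as writable and refuses it; no 'x' refuses it as non-executable."""
    hit = effective_object(policy, lib_path)
    if hit is None:
        return "denied: no object grants access"
    obj_path, mode = hit
    if "w" in mode:
        return f"denied: writable library (object {obj_path} {mode})"
    if "x" not in mode:
        return f"denied: library not executable (object {obj_path} {mode})"
    return f"allowed (object {obj_path} {mode})"
```

With the wide policy the verdict is the log's "writable library" denial even though the file is mode 0755; adding the narrower `rx` object flips it to allowed.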
